It’s a fact of life that many employees travel for the holidays. Some bring their laptops and smartphones with them, perhaps to look up funny videos with relatives and/or to snap pictures of the local holiday festivities. By doing so, however, they could unknowingly be exposing themselves to numerous digital risks.

Why would bad actors want to target traveling employees?

The answer is simple. At issue is what those criminals could do with a company’s intellectual property if they were able to steal it off a business person’s device. Julie Weed explores this risk in an article for The New York Times:

The theft of technical product specifications, investment plans, research on mergers and acquisitions, marketing plans and other information can have consequences beyond loss of revenue and market position, Ms. [Samantha] Ravich [of the Foundation for Defense of Democracies] told the Senate Foreign Relations Committee this year. She described potential large-scale effects of state-sponsored economic warfare, which, she said, could disrupt the delivery of items crucial for manufacturing, malware incidents that could disrupt travel and cyberattacks that could force companies to shut down their websites.

To obtain this valuable information, crackers can use “extremely sophisticated” tools to steal intellectual property transmitted by a business person from a potentially unprotected phone, tablet, or laptop. Digital attacks against hotels aren’t new, after all. A bad actor could feasibly infect a hospitality organization’s computer network with malware to prey upon its guests, their devices, and their data. Alternatively, they might have already infected the poorly protected Wi-Fi network of a relative’s home where the business person will be spending the holidays.

Fortunately, companies can help protect their employees who travel during the holidays against these and other digital threats. They can do so by using better security controls on the hardware their employees use and by training their workforce to follow standard digital security advice. Here are five security practices in particular for business people who head home for the holidays and the organizations that employ them:

1. Implement Multi-Factor Authentication (MFA)

In its 2017 Data Breach Investigations Report (DBIR), Verizon Enterprise found that more than four-fifths (81%) of data breaches leveraged stolen or weak passwords as a means of attack. Organizations can help defend their employees against these types of breaches by instituting multi-factor authentication (MFA). Such measures would safeguard access to corporate accounts even in the event someone steals access to a traveling employee’s corporate login details.

2. Institute Access Management

While traveling during the holidays, employees might need to access corporate resources hosted in the cloud from their mobile devices and laptops. Companies can ensure that only authorized persons are capable of viewing this hosted intellectual property by implementing access management policies that govern access to cloud apps based on various attributes such as geo-location, device type and resource sensitivity.

3. Encrypt Sensitive Data

Criminals with sufficient determination can find a way around corporate access controls and establish contact with businesses’ sensitive data. Companies can defend against this possibility by investing in encryption. Such measures should encompass data-at-rest encryption (safeguarding information wherever it resides) and data-in-motion encryption (protecting data as it traverses networks).

4. Disable Bluetooth and Access to Free Wi-Fi Networks

Malicious actors can hide on public Wi-Fi networks and abuse Bluetooth-enabled devices to prey on business travelers. Employees can evade these criminals by connecting to secured Wi-Fi networks and disabling Bluetooth at all times while they’re traveling abroad. They should also consider using a VPN when searching the web or an enterprise VPN solution implemented by their company to access any business systems.

5. Update Your Software

Attackers know that employees don’t always update their devices on a timely basis. As a result, they develop code that exploits open weaknesses. Before employees leave for the holidays, they should make sure their software is up-to-date. Once they return, they should check for any additional software updates and scan their computers for malware.